This Week in Technology

The malware also exploits an even older Windows bug, CVE-2015-1705, a win32k.sys local elevation of privilege flaw that was found to be useful by targeted attackers because it could be used to bypass a Windows application's sandbox. Once a machine has been fully compromised, the backdoor uses a private Slack channel to check commands taken from 'gist' snippets hosted on GitHub, and then sends the commands to a private Slack channel controlled by the attacker.

In a short statement posted on its blog, Citrix Chief Security Information Officer Stan Black said Citrix found out about the hack from the FBI earlier this week. "On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network," Black said.

The past year has seen a wide range of changes in the financial cyberthreats landscape, with new infiltration techniques, attack vectors and extended geography. But perhaps the most interesting thing to have happened is the changes in how people are victimized. With block chain and cryptocurrency now becoming popular, many new means of payment emerged on both on the white and black markets – attracting unwanted criminal attention.

The problem lies with Box.com account owners who don't set a default access level of "People in your company" for file/folder sharing links, leaving all newly created links accessible to the public. If the organization also allows users to customize the link with vanity URLs instead of using random characters, then the links of these files can be guessed using dictionary attacks.

The Windows 7 end-of-life deadline could be the tipping point. Microsoft’s end of support date for Windows 7 is now less than a year away, set for Jan. 14, 2020. While there are certainly some good reasons for businesses to migrate off Windows 7, Microsoft will provide two options for businesses to still receive security updates on Windows 7 past the January deadline.

McAfee endpoint products use a combination of product features and content for increased agility. In McAfee Endpoint Security (ENS) 10.5+, such protection is enabled via the ‘Detect suspicious email attachments’ option and maintained through DAT content.

The amount of data and tools enterprise security professionals need to manage today is constantly growing, resulting in greater cyber security complexity. SEP Mobile’s smart content manipulation classification is a prime example of how we’re using innovative research, big data and proprietary technology to give security professionals threat accuracy and focus – so they can do their jobs better.

Ivanti Cloud Unifies IT Operations and Security Processes So Organizations Can Quickly Discover, Gain Insights and Take Action

[Ivanti’s] new cloud-based platform unifies IT operations and security data and processes so organizations can quickly assess their environment and gain insights. Providing a real-time view into device analytics, the new cloud-based solution also offers prescriptive recommendations through Ivanti Smart Advisors, which provide prioritized, data-driven guidance for what to do next to help analysts be more effective.

Hackers are targeting WordPress sites that use the "Abandoned Cart Lite for WooCommerce," a plugin installed on over 20,000 WordPress sites, according to the official WordPress Plugins repository. These attacks are one of those rare cases where a mundane and usually harmless cross-site scripting (XSS) vulnerability can actually lead to serious hacks.

New Android App Malware Infects 250 Million Downloads – Here’s What You Need To Know

Check Point Research has uncovered two large-scale malware campaigns that have infected Android apps with more than 250 million downloads in total. The first campaign, dubbed SimBad as many of the infected apps were simulator games, infected 210 apps found in the official Google Play Store.

Email is a favorite attack vector for distributing malware. Bad actors are continually adapting their techniques to improve their ROI. In the past year, FireEye has observed a shift from malicious attachments or code to malware-less threats such as spear phishing emails wrapped in impersonation packages. FireEye Email Security counters both breeds of threats, not only blocking attachments weaponized with malware, but also seeking and destroying fraudulent wire transfer requests, URL links to credential phishing sites, and other social engineering and impersonation techniques.

This banking malware just returned with new sneaky tricks to steal your data

Researchers have uncovered a new, previously undocumented version of Ursnif which applies different, stealthier infection tactics than other campaigns. This includes what researchers refer to as "last minute persistence" - a means of installing the malicious payload which tries to ensure a lower chance of being uncovered.

Researchers on Thursday revealed that seven sites—each with more than 500,000 collective visitors per month—have been compromised with a previously unseen strain of sniffing malware designed to surreptitiously swoop in and steal payment card data as soon as visitors make a purchase.

In a report published yesterday, US cyber-security firm McAfee described the latest of these campaigns, one using an Ariana Grande lure to trick users into opening booby-trapped archives that plant malware on their systems. All in all, McAfee experts say they've seen "100 unique exploits and counting" that used the WinRAR vulnerability to infect users.

The report said out of 250 apps tested, only 80 qualified the basic benchmark of 30 percent detection of malware during individual tests. 170 of the 250, Android antivirus apps failed the basic tests and turned out to be a sham. Most of the apps tested were enjoying a score of 4 and above on the Google Play Store reviews.